HIPAA compliance for contact centers has been an important issue for every healthcare organization since legislation relating to the security of protected health information (PHI) was enacted in the Health Insurance Portability and Accountability Act (HIPAA) in 2013.
HIPAA affects all types of healthcare providers, such as hospitals, physicians, dental offices, pharmacies, as well as healthcare clearinghouses and health insurers. If a healthcare organization is using a third-party to perform a function on behalf of a healthcare organization, such person or business entity is also subject to HIPAA rules and must comply with HIPAA regulations.
Such third party organizations and persons are defined as Business Associates (BA) in HIPAA and include software vendors, third-party billing companies, claim processors, debt collectors and outsourced contact centers.
This means, both types of contact centers, whether in-house or outsourced, must comply with regulations set by HIPAA. The most important parts of HIPAA that affects contact centers are the Standards for Privacy of Individually identifiable Health Information, known as the Privacy Rule, and the Security Rule.
The HIPAA Privacy Rule protects all individual health information (protected health information, abbreviated as PHI) held by healthcare organizations and their business associates. The protected health information includes patient’s name, date of birth, social security number, address and payment information.
The Security Rule specifies a series of administrative, physical, and technical safeguards for healthcare companies and their business associates (including contact center outsourcer) to use to assure the confidentiality, integrity, and availability of electronic protected health information.
The privacy Rule sets also a list of guidelines on how healthcare organizations (Covered Entities) and their business associates should use and disclose personal health information, whether written oral or in electronic format and it also describes an array of patients’ rights with respect to that information.
Five tips to ensure your contact center is HIPAA compliant:
Implement privacy procedures and conduct on-going training for employees to ensure you fully comply with HIPAA.
Encrypt all electronic files, containing protected health information, including call recording files.
Enforce a strong password policy. Make sure the agents workstation are secured with strong passwords and call recordings with patient information can be accessed by authorized employees only.
Regularly conduct security assessments. This ensures that your contact center does not have any gaps in data security.
Have a disaster recovery plan. Set up back-up policies, so that all patient’s data can restored and retrieved in case of hardware failure or catastrophic events.
Please, learn more how MiaRec call recording software can help your organization to be HIPAA compliant.